What is most valuable?
Every feature of this product - Password Management, Session Management and so on has its own value depending on different use cases, but I like:
- It's a clientless product and does not require any third-party product for any of its operations (Password Management, Privileged Session Management).
- For password and session management, it can integrate with any device/script with a password OOB or via a custom plugin.
- Compared to other products, CyberArk is extremely easy to install and configure.
How has it helped my organization?
Due to regular growth of an organization infrastructure, managing passwords within the organization becomes extremely difficult.
In larger organizations with a large user and infrastructure base, it can be very difficult to ensure that the passwords for privileged accounts are changed according to the organization security policy. This can be especially true in case of local admins for Windows and Unix boxes. Unmanaged/neglected local admins accounts lead to a major security threat.
Another major risk is to monitor activities and usages associated with privileged accounts to hold people accountable for their actions.
CyberArk helps organizations to manage all the privileged account passwords (server or workstation) in a centralization location as per organizational security policies. It also helps to hold people accountable by controlling and managing password usage using privileged session management.
Accountability is set up using CyberArk OOB temper-proof reports.
What needs improvement?
CyberArk has evolved a lot in the last 16 years and has nearly all the features required for effective operation. The only area for improvement is using a native client while connecting to the target device instead of the current method of using a web portal (PVWA). CyberArk seems to be working on this area and we expect these features in coming versions.
It would be great if in the future CyberArk considers launching an installer for Unix-based OSs.
For how long have I used the solution?
I have been using this product since 2010.
What do I think about the stability of the solution?
In my seven years of experience with CyberArk products, I have never seen an unstable environment due to product functionality. It's always lack of proper planning, inexperience and faulty configuration that leads to an unstable environment.
What do I think about the scalability of the solution?
CyberArk can be horizontally and vertically scaled, if it is well thought out during panning phase. As an example, if an organization feels that they may need high availability of Vault servers (CyberArk’s centralized storage for passwords and audit data) in the foreseeable future, they should consider installing CyberArk Vault in cluster mode instead of standalone mode. One can't use a standalone vault as a cluster vault or convert a standalone vault to a cluster vault, but in terms of increasing the number of passwords and session recording, underlying hardware can be scale to achieve desired size.
How are customer service and technical support?
Three-year support (unlimited case and call support) is free with license purchase but I would say sometimes it's not sufficient to resolve the issues with this model.
Nonetheless, CyberArk Profession Services is quite impressive, even though it's a costly affair.
Which solution did I use previously and why did I switch?
I was part of the PIM product evaluation team at my previous organization. I stayed with CyberArk because is it's extremely easy to implement, and very stable when implemented with well-thought-out planning and experience. It has all of the required features for a PIM product, it does not have dependencies on third-party products for it to function and it is clientless.
How was the initial setup?
Initial set up is super simple and if planned properly, can be installed within a couple of hours.
What's my experience with pricing, setup cost, and licensing?
I cannot comment much on this because CyberArk has different pricing for its partners or resellers, and might also vary according to size of procurement.
Which other solutions did I evaluate?
Before choosing this product, I also I evaluated NetIQ PIM, Dell TPAM, CA PIM and ARCOS.
What other advice do I have?
Invest as much as possible in the planning and design phase. Consider at least future three-year growth in password and user base such as growth in virtual environments, and size accordingly. Also consider requirements like high availability of vaults, PSM and other components.
Which version of this solution are you currently using?